CVE-2020-11849

{"id": "CVE-2020-11849", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2020-07-08T14:15:10.320", "references": [{"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html", "source": "security@opentext.com"}, {"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html", "source": "security@opentext.com"}, {"url": "https://www.netiq.com/documentation/identity-manager-47/releasenotes_idm4741_apps/data/releasenotes_idm4741_apps.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.netiq.com/documentation/identity-manager-48/releasenotes_idm4811_apps/data/releasenotes_idm4811_apps.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "Elevation of privilege and/or unauthorized access vulnerability in Micro Focus Identity Manager. Affecting versions prior to 4.7.3 and 4.8.1 hot fix 1. The vulnerability could allow information exposure that can result in an elevation of privilege or an unauthorized access."}, {"lang": "es", "value": "Una elevaci\u00f3n de privilegios y/o vulnerabilidad de acceso no autorizado en Micro Focus Identity Manager. Afecta las versiones anteriores a 4.7.3 y 4.8.1 hotfix 1. La vulnerabilidad podr\u00eda permitir una exposici\u00f3n de informaci\u00f3n que puede resultar en una elevaci\u00f3n de privilegios o un acceso no autorizado"}], "lastModified": "2024-11-21T04:58:45.160", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:microfocus:identity_manager:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3573217C-CFC5-4182-A155-A7AE7BC32D90", "versionEndExcluding": "4.7.3"}, {"criteria": "cpe:2.3:a:microfocus:identity_manager:4.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8DE9224-3E08-4106-BC98-B3D55A1534EE"}, {"criteria": "cpe:2.3:a:microfocus:identity_manager:4.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B47A735B-9D09-4B3D-AAED-622CD28A0CD6"}], "operator": "OR"}]}], "sourceIdentifier": "security@opentext.com"}